New platform removes risk of password phishing, says Accumulate

Swedish company Accumulate has implemented a version of the OpenID standard for mobile phones.

OpenID is a Web-based single sign-on platform that lets users log in to many different sites using a user name and password via a third party. Currently it works at more than 50,000 Web sites, according to Accumulate. The new Mobile OpenID client works with devices based on Android, Nokia Series 40 and 60, Windows Mobile, BlackBerry devices and phones that support Java. There is also a browser-based client for the iPhone, and Accumulate is currently working on a native client for the Apple's smartphone.

Using OpenID makes the log-in process much simpler, according to Stefan Hultberg, CEO at Accumulate. But since you are still authenticating using a user name and password it doesn't make it that much more secure, as that information can be stolen by hackers, he said. He argued that Mobile OpenID eliminates that risk factor by moving the authentication process from the PC to the mobile phone.

Users must first register with Mobile OpenID and install the mobile client on their phone. Then, once the mobile user launches the Mobile OpenID client using a personal identification code, logging onto a secure site follows the normal OpenID process. The user navigates to the desired Web site that supports OpenID and enters a personalized URL. The log-in request is redirected to the Accumulate's server, which confirms the request and sends the user back to the desired site.

On Mobileopenid.com users can see a log of visited sites and also choose what information that they want to share.

The platform includes APIs that let anyone set up a separate authentication infrastructure for their own Web site.